The Weekly Cybers #6
A new plan for the Navy, failures at the BoM, robotax dramas, cyber failures, and criticisms of eSafety’s scan plan.
Welcome
It’s all aquatic this week, with a new plan for the Navy and some oceanic failures and even more problems at the Bureau of Meteorology.
We’ve also got robotax problems, cyber failures, criticisms of eSafety’s plan to Scan All The Things, and more.
Read on for this week’s digital and digital-adjacent developments from Canberra.
New navy plan includes big fat drone ships
“The Australian Government has released its blueprint for a larger and more lethal surface combatant fleet for the Royal Australian Navy [RAN],” says Defence.
As the Guardian headlined its report, the plan will double the surface fleet and add ‘optionally crewed’ warships.
[The plan includes] the intention to acquire six new large optionally crewed surface vessels (LOSVs) that can be operated remotely by a support vessel during wartime.
The plan will mean Australia reduces its order of Hunter-class frigates from nine to six. The new surface combatant fleet will also consist of three upgraded Hobart-class destroyers, 11 new general-purpose frigates to progressively replace the six remaining Anzac-class frigates, the six new LOSVs and 25 minor war vessels.
The cost?
An additional $1.7 billion over forward estimates and $11.1 billion over the next decade for accelerated delivery of the surface combatant fleet and to expand Australia’s shipbuilding industry.
The Mandarin listed the new surface combat fleet more conveniently. The annotations are mine:
- Three Hobart class air warfare destroyers with upgraded air defence and strike capabilities.
- Six Hunter class frigates, which ABC News described as “the world’s most expensive anti-submarine warship” because of course they do, to boost Navy’s undersea warfare and strike capabilities.
- 11 new general-purpose frigates that will provide maritime and land strike, air defence and escort capabilities.
- Six new Large Optionally Crewed Surface Vessels (LOSVs), which will significantly increase Navy’s long-range strike capacity.
- Six remaining Anzac class frigates, with the two oldest ships to be decommissioned as per their planned service life.
There’s more about the LOSVs at The Maritime Executive:
LUSV [that’s the US designation] is conceived of as a well-armed “magazine ship” about the size of an offshore supply vessel. It is intended to navigate autonomously, comply with COLREGs and keep itself running mechanically (within specified service periods). It is not intended to have an autonomous weapons package: instead, a remote, offboard human operator will have to initiate any target engagements. The model in question would have a magazine capacity of 32 vertical launch cells, the same as Australia's planned Hunter-class frigate.
For those interested in an industry-sponsored viewpoint, you might like the analysis from the Australian Strategic Policy Institute.
Overall the plan is to equip the RAN more appropriately for a conflict with a similarly armed opponent. Fewer small boats for chasing fishing vessels and refugees, more grunt for taking on modern high-tech opponents.
I wonder if they have anyone in mind.
Looking at the cyber angle, it’s not all that surprising that in a document about surface ship capability the word “cyber” doesn’t appear in the plan at all, and the word “electronic” only once.
During epoch 1 (2023-2025) the maritime and land strike capabilities of the Hobart class destroyers and Anzac class frigates will be enhanced through the replacement of the aging Harpoon anti-ship missile with the Naval Strike Missile and the installation of the Tomahawk cruise missile for long-range strike. Whilst defensive in nature, the installation of additional electronic warfare systems will enhance the survivability of both platforms and enable the more effective employment of the strike missile systems.
Still, not everything is cyber, right?
Bureau of Meteorology fails to meet its science targets and lies in court, so that’s all fine and normal
Environment minister Tanya Plibersek has intervened after the Bureau of Meteorology lied to a court, reported The Saturday Paper.
The redoubtable Rick Morton details how the poor handling of an unfair dismissal case has “again exposed concern about the running of the Bureau of Meteorology [BoM], which continues to fail its international obligations and miss other targets”.
There’s obviously a serious culture problem at the BoM, and Morton’s article is worth reading for that alone. It’s a mess. But the result isn’t only damage to people. It’s also screwing up the science.
Weather radar “up time” – when equipment is functioning as planned – dropped to 95.5 per cent from 97.3 per cent. This was, in part, due to planned upgrades and maintenance, but almost half, or 40 per cent, of the downtime was due to faults.
Satellite network availability is down to 89%. The coastal sea level network is at 90%, the space weather network down to 73.5%, and the ozone network to 87.3%.
And as you might have suspected, the forecasts have been getting a bit stir too.
If you’re interested in cybersecurity then you’ll love this bit:
One employee was particularly critical of the bureau’s ROBUST program — a multifaceted upgrade of almost all major technology at the bureau — which had substantial funding provided by the federal government. The program began after the bureau was hacked by “foreign spies” in 2016 — although was not disclosed in budget papers.
“Spies? On the weather?” Well, yes. Because the BoM provides detailed weather models to the navy, and navies around the world are keen to know exactly where the ocean currents and thermoclines are because they affect how submarines can be detected via sonar.
Unfortunately:
The project, which began in 2018 and has been through several rounds of delays, has cost “more than one billion dollars” and ran into so much trouble that “other bureau projects have been cancelled to pay for the program extension”.
“It has been poorly managed from the very beginning but the secrecy has compounded the bad decisions,” one employee says.
And of course that supercomputer is also needed to help predict bushfires and dangerous weather more generally.
All in all, it’s a complete mess, and it’s about a lot more than just knowing whether to take an umbrella with you today.
If you prefer to listen to these stories, please be having the 7am podcast episode Why the Bureau of Meteorology lied to court.
After robodebt comes robotax
The Australian Taxation Office (ATO) is starting to smell a bit — and not just because, as I noted last week, they were caught by a $4.7 billion GST scam.
In his address to the National Press Club this week, ATO commissioner Chris Jordan said that the Albanese government could wipe $15 billion in robotax debts.
These are debts that the ATO has apparently been sitting on for years and has finally decided to try collecting — even though some of them date back before taxpayers are expected to keep records.
Surprise!
Weirdly, this also came directly after it was revealed that the ATO is trying to justify the expansion of robotax.
So, it’s a bad system, so let’s do more of it.
There’s a clue in Jordan’s speech:
Since 2013, we’ve reduced the cost of collecting every $100 of tax from 91 cents to 54 cents.
Which is fine as far as it goes. But cheaper isn’t necessarily better — especially when it results in weirdly inhumane tax collection strategies.
Jordan's tenure as tax commissioner ends this month after a decade in the job. The new commissioner will be Rob Heferen, most recently the chief executive officer of the Australian Institute of Health and Welfare, though he does have ATO experience.
Meanwhile, “Services Australia quietly stopped its use of automation for social security and welfare claims processing almost 12 months ago, resulting in a blowout in wait times for some Centrelink payments,” reports InnovationAus.com.
Also in the news
- An uptick in data breaches caused by human error places government agencies back in the “top five” sectors by breach numbers for the first time in almost three years, reports iTnews. And in the Guardian, the Department of Finance says its second data breach in four months is “regrettable”. Which I suppose it is.
- In January there was a 15-hour outage of the parliamentarians’ expenses system because someone forgot to pay the bill. Maybe someone could’ve just paid it and claimed it back?
- “eSafety’s online storage and message scans ‘not technically good’ solution says Fastmail.” So eSafety will stop wanting to Scan All The Things until they fix this, right? Right? Oh.
- While we’re on that topic, Apple has warned against that mass file-scanning proposal.
- Australia and the UK have signed a new memorandum of understanding covering cooperation in online safety and security — a grab-bag of ideas from harmful online behaviour and “age assurance” to online child sexual exploitation and abuse, of course, and regulating AI.
- The government has opened a consultation on the type of SMS Sender ID Registry that should be introduced in Australia. The main question is “whether it should be mandatory or voluntary for all SMS alphanumeric sender IDs to be registered, to disrupt SMS impersonation scams”. Submissions close 20 March.
- Job agencies suspending Centrelink payments at an alarming rate, data reveals, reports the Guardian. “Exclusive: smaller Workforce Australia providers, including those catering to Indigenous jobseekers, have effectively suspended more than 90% of their caseloads.”
- The National AI Centre (NAIC), which is coordinated by CSIRO, has launched a national AI sprint to “help startups and entrepreneurs rapidly develop AI solutions to address pressing national issues including cost of living, governance, supply chain resilience, human and environmental well-being, and workforce transformation”. And as we all know, doing things in a rush always makes them better.
- Finally, Public servants must do more to manage conflicts of interest, APS commissioner tells top bureaucrats.
Elsewhere
- Last weekend I posted a new podcast, The 9pm Artificially Intelligent Millipede Menace with Justin Warren. We spoke about panic, generative AI, millipedes, why Taylor Swift fans are so few in number that we need to create more of them using AI, smart toothbrushes, Elon Musk (briefly), disinformation, and the enshittification of everything. Much fun was had.
- The US and Australia need generative AI to give their forces a vital edge, apparently.
- “Did Taylor Swift’s Melbourne show literally break the internet because telcos underestimated Swifties?” Kinda. “The average data usage across the major providers was 15TB per concert for Taylor’s Melbourne shows... That’s the equivalent of 15,500 hours of video, lasting 1.7 years if it was played continuously.” And it’s about double what Ed Sheeran fans used.
- Apple reckons you should stop putting your wet iPhone into dry rice.
Please support my current crowdfunding campaign
As many of you know, my podcast The 9pm Edict and this newsletter are audience-supported. If you have a moment, it’d be great if you clicked through to The 9pm Autumn Series 2024, read the blurb, and maybe even pledged your support.
At the time of writing we’re 17% of the way to Target One. You have until 7 March, but why not do it now before you forget?
What’s next?
Parliament returns this coming Monday 26 February for four days of sitting.
Here are the draft legislative programs for the Senate and the House of Representatives. I can see mention of the Treasury Laws Amendment (Consumer Data Right) Bill 2023 in the Senate, but the House seems busy with all the housing affordability stuff.
On Wednesday we’re due to see the reports from the inquiry into the Digital ID bills and the inquiry into the Optus network outage, so that should be fun.
And I’ll be back with you next Friday afternoon.
Any questions or comments? Just reply to this email. Cheers.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there are any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber *security* newsletter. For that I recommend Risky Biz News and Cyber Daily, among others.